From: Joshua Marshall
To: Julien Lepiller
Cc: guix-devel@gnu.org
Subject: Re: Feature requests
Date: Sat, 23 Mar 2019 10:01:24 -0400
In-Reply-To: <6BE771AB-3457-4FE6-87C3-98CCC4166083@lepiller.eu>
List-Id: "Development of GNU Guix and the GNU System distribution."

I'm still getting my feet wet as it were. As a more relatable example, let's
use glibc. Say an application developed in 2000 had bug compatibility with
glibc at that time. Then say that bug is fixed circa 2005 and another
introduced. Then have in 2010 an application made with bug compatibility for
the 2005 version. Now, if both of these applications were co-installed at
most one could work due to bug compatibility. Now I'm not saying this is good
practice or even common, but this type of thing happens at my work frequently
enough that we have a whole toolset dedicated to managing just this problem.
It gets far more severe in the python world. To cope with such poorly behaved
programs, greater levels of isolation are needed, like each individual thing
running in its own Docker container. But sometimes even this isn't enough as
the dependencies will have a similar problem and so such isolation measures
need to be recursively applied. It gets messy.

On Fri, Mar 22, 2019 at 6:30 PM Julien Lepiller wrote:

> Hi!
>
> I'm not sure what you mean when you talk about incompatible packages,
> maybe you could give a concrete example? I don't think there's anything
> that couldn't go to the store at least… So you can always create separate
> profiles.
>
> That said, I think people are working on improving the network support in
> guix environment containers, and I think it's a good thing :). I'm not sure
> about cgroups, but our environments already provide quite a bit of
> isolation. Have you tried "guix environment --ad-hoc python --container"
> for instance? There are more options to control what parts of the file
> system are available inside the container.
>
> On 22 March 2019 18:47:19 GMT+01:00, Joshua Marshall wrote:
>>
>> Hello all,
>>
>> I was told in IRC to post my possibly unreasonable feature requests here.
>>
>> I've been thinking more on what Guix might be able to do, and what would
>> make it more useful for a few of my past jobs. I'd like to see it take on
>> the ability to have a per-installation target cgroup, network namespace,
>> and filesystem chroot settings set with defaults which are overridable at
>> invocation. In this way, a user could install and use packages with
>> mutually incompatible dependencies (I talked about this with a few people
>> on IRC) like what happens with python. If this kind of functionality were
>> added, it would largely supplant Docker, virtualenv, pip, poetry, apk,
>> pacman, and probably a few other tools at my company which are there just
>> to handle this kind of frailness. From this, I could also see an entry
>> point to adding build module support to start to replace tools like Make,
>> CMake, Meson, Bazel, and so on.
>>
>> These expand the scope of Guix quite a bit, but I think these are needed
>> for it to really feel logically complete. Does all this make sense?
>>
>> Please be advised that this email may contain confidential information.
>> If you are not the intended recipient, please notify us by email by
>> replying to the sender and delete this message. The sender disclaims that
>> the content of this email constitutes an offer to enter into, or the
>> acceptance of, any agreement; provided that the foregoing does not
>> invalidate the binding effect of any digital or other electronic
>> reproduction of a manual signature that is included in any attachment.
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.